- Name: SWeidner
- Location: Elk Point, South Dakota, United States
My Blogger Code
B5 d+ t k s u- f- i- o- x-- e l- c (decode it!)
My Geek Code
GAT/IT d-(+) s+(): a C+++$ ULC+++>$ P++>++++ L++$>++++ !E W++>$ N+ !o !K w+()@ !O !M- !V PS-(--)@>--- PE+ Y-- PGP>++ t+ !5(-) X+ !R- tv-(+)? b+ DI++++ D++>$ G e+>++ h----(-) r+++ y++++
Steve's random ramblings and technical notes
Monday, October 25, 2004
LFT - network (reverse) engineer's alternative traceroute
LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups, loose source routing, netblock name lookups, et al.
What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP TIME_EXCEEDEDs from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for TIME_EXCEEDED messages, TCP RESET, and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.
To those who would ask the question "who did that first?" with regard to utilizing TCP for traceroute, the answer is "we don't know." However, LFT was first released to the pulic in 1998 under the name FFT.
LFT's engine continues to evolve and provide more and more useful data to network engineers and to anyone else that cares how IP data is being routed. With the advent of smarter firewalls, traffic engineering, QoS, and per-protocol packet forwarding, LFT has become an invaluable tool for many network managers worldwide.